Posts

AC Brown’s Cloud Guide – Part 4 – Cloud Service Providers

What are Cloud Service Providers

Moving from a traditional IT infrastructure to a cloud-based or hybrid infrastructure is a complicated undertaking. Cloud systems will reduce the level of control an organization has over their application, and getting the right setup is sometimes difficult. This is where Cloud Service Providers (CSP) come in. I should first point out that CSP is a Microsoft term for organizations that partner with them to provide migration, administration, architectural, security, and development services to their customers. Each of the major cloud platforms has a different name for organizations that provide services to end users and organizations, but Microsoft’s term is more appropriate in my opinion. Amazon and Google call them Manged Service Providers (MSP), but I don’t like using that to describe companies that focus on cloud services because MSPs are more on-prem service providers. Regardless, partnering with a CSP can have a number of advantages for businesses that use cloud infrastructure, so I’ll explain how they work and how to pick the right one for your company. Since I am primarily a Microsoft cloud specialist, I’ll focus mostly on how Microsoft does things, but understand that the other Cloud Providers have similar relationships with CSPs but with different terms and benefits.

How CSPs Work

One of the more common misunderstandings about Cloud Service Providers is the idea that a CSP manages its own version of a cloud platform. This is not the case. This misunderstanding is often caused by the marketing materials of large CSPs. Each Cloud Platform exists as a single entity. There is no Godaddy Office 365 or Rackspace AWS. All CSPs act as a partner with the Cloud Provider and (should) give organizations additional value in comparison with the Cloud Provider’s base services. The Cloud Provider gives a significant discount on services to a CSP or pays them a set commission for services sold to associated clients. For Microsoft, the CSP Program provides two different tiers:

The first tier allows the CSP to receive a commission on sales to clients that set them as their Partner organization (instructions on viewing/modifying that will come in a different article). The commission is either a one time flat payment per subscription or a recurring percentage of monthly billing. The percentage usually depends on how many clients the CSP has associated with them. Tier 1 CSPs are not contractually obligated to Microsoft to do anything for the associated clients, but they will most often provide administrative or managerial support. In many situations, the company that migrates an organization to O365 is set as the CSP partner for that organization. The trick here is that Tier 1 CSPs usually sell the services of a Tier 2 CSPs.

A Tier 2 CSP has significantly more involvement with end users. They provide all support for the client organization rather than Microsoft. If a problem with O365 occurs, the client will contact their CSP’s support team instead of Microsoft. If there is something that the CSP cannot resolve on their own, the CSP will work with Microsoft to solve the problem. So a CSP is like a buffer between clients and Microsoft support. This has a number of benefits to the client, the CSP, and Microsoft. The client gets the ability to choose who provides support services to them, the CSP gets to set their own price structure for Microsoft Cloud services (Tier 1 CSPs get deep discounts on Microsoft Cloud services and can either pass the savings to clients or take the difference as their service cost). The benefit to the end users can be either a lower cost or better support. The pricing benefits for Tier 2 CSPs are due to the fact that Microsoft doesn’t need to dedicate as much support personnel to their clients because the CSP does all the end user support. The vast majority of service issues can be solved by a CSP, and a large CSP may have negotiated direct access to Microsoft’s tier 3 support teams if their own personnel can’t solve the issue. Understand that for Microsoft, a CSP *must* have significant support infrastructure in place before they can become a tier 2 CSP. Some tier 2 CSPs provide “White-label” services that allow smaller CSPs to use their support infrastructure to support their clients. So, in some situations you may actually have two CSPs between you and Microsoft.

Because of the relationship Tier 1 CSPs have with Microsoft, each CSP is granted full control over pricing. You may see CSPs that charge more than a direct subscription from Microsoft. Don’t reject this out of hand until you compare the Service Level Agreements (SLAs) available from the CSP. In many cases, a CSP may charge more to provide their clients faster or more technically knowledgeable support personnel to provide service to end users. This brings us to how to best choose a CSP.

Choosing the Right CSP

The benefits of Cloud Service Providers depends heavily on what value they provide to clients. Choosing the right CSP requires a lot of careful consideration, information gathering, and discussion. When choosing a CSP, ask the following questions:

1. Does the CSP provide support that goes beyond what the Cloud Provider gives all its clients? If not, you may be better off just getting services straight from the Cloud Provider.
2. What kind of support does your organization need?
3. Does the CSP provide on-site or local/regional support teams? Does the organization need this type of support?
4. How fast do we need support? Compare the SLAs the CSPs provide against what the Cloud Provider does. If you don’t want to wait more than an hour to get support, find a CSP that promises to provide that level of service. For info, Microsoft’s SLA starts at 8 hours at minimum and within 1 hour maximum. You can pay for faster support from Microsoft if you like, but take this cost into account when choosing a CSP.
5. What other benefits does a CSP provide? Cheaper subscription prices? More personal service? Dedicated support personnel? Round the clock support for all issues?
6. Does the CSP provide easier management of the Cloud Environment? Many CSPs have a different management interface for the Cloud Platform than the default, so you may want to find a CSP who gives additional management features to their clients (pre-built automation tools, special VM templates, cost saving tools, etc).
7. Does the CSP have an established reputation for quality support?
8. Will the CSP help us migrate to the cloud in a way that minimizes end user impact without compromising usability?

CASBs as CSPs

Aside from the basic service and support available through a CSP, there’s another type of service provider for cloud environments, the Cloud Access Security Broker. CASBs focus entirely on improving the security of a cloud environment through different means. CASBs will often act as an intermediary to prevent unauthorized access, monitor VMs in the cloud, or give a security focused GUI for the Cloud Platform that allows you to quickly and easily manage security features like Multi Factor Authentication, Firewalls, Access requests, Identity and Access Management, etc. A CASB can be extremely useful for organizations to work with in many situations, and is a critical part of a cloud security strategy for larger organizations.

Final Thought

CSPs can be extremely helpful to organizations that have limited experience with cloud systems, but choosing one can be a difficult process. The right CSP varies from business to business, so it’s necessary to consider the ramifications of using a CSP to manage cloud services. Cost is not the only thing to consider. But, with the right planning and communication, a CSP can solve many of the problems that your organization may run into when working in the cloud.